Comments

  1. They forgot the most important step: complain on the forums.

  2. I’d like to suggest anyone who got hacked use Hijackthis.
    http://sourceforge.net/projects/hjt/

    It is a brilliant program that shows you every little thing that runs on your machine, including anything that has attached itself to Internet Explorer. It is an advanced tool so it might have a bit of a learning curve. You run a scan, it produces a log.

    You can use http://hijackthis.de/ to analyze the log output. That site does a decent job analyzing, although it is a little out of date. It will identify most safe processes though, which leaves you with less to wade through manually. Anything it doesn’t know about, just Google the process name. Other sites will tell you what they are for. I’d be happy to help if anyone is interested. We could run a forum thread on it.

  3. I also find it extremely strange that in 2012 a company such as Blizzard do not enforce case-sensitive passwords, do not allow certain characters (such as underscore) in passwords nor do they throttle the number of login attempts possible per time unit or impose a limit of X failed attempts which triggers a cooldown period that needs to pass before you can try again. In my view, these things are all contradictory to “We care about the security of your Battle.net accounts; in fact, it is one of our top priorities.”

    • They (as in Blizzard North) did this heavily in D2.

      • They still do, I got locked out for a while yesterday when there were problems with the servers and I spammed the login, also I bet they monitor suspicious activities such as IP address locations and numerous failed passwords etc.

        • I thought they didn’t and apparently I was wrong. That feels a bit comforting. However, IMO, it doesn’t redeem the fact that passwords aren’t case sensitive.

    • This whole time I just assumed it was case-sensitive. What the heck Blizzard?

    • People are not getting hacked because passwords are not case-sensitive, unless they are the type of people who believe that pAsSwORd is a good password.

      • I agree with you, but it still feels like a silly limitation. I’m no programming wiz, but I don’t see how that additional degree of freedom could complicate matters much on their side of things. 

    • What I find extremely strange is how Blizzard is so worried about those hacked players when it’s their fault for being scammed/hacked.
      Where there’s smoke there’s fire!

  4. Does anyone here believe passwords are being compromised via brute force methods? If not, then explain the difference it makes between allowing case sensitivity and not allowing it. I’ll give you a hint. There is no difference.

    • If none of the security measures I mentioned were in place, there could very well be brute force compromises, with for example bot nets doing the hard work. They would still need to get the e-mail address used for the account, but that should be easy with social engineering/fake ads/phishing/what have you.

      But that’s beside the point, even if no-one is getting brute forced (and I’m not saying anyone is) I still think a modern gaming service (or any online service TBH) should at least allow for case sensitive passwords. Anything else looks like a design oversight (and an embarrassing one at that).

      • It’s not an oversight. It’s definitely on purpose. Blizzard has handled passwords identically for ages now. Their reasoning is to reduce the overhead (man hours, time, money) associated with people not remembering their passwords. More specifically, which letters they capitalized and which ones they didn’t.

  5. I’d love to use the authenticator I ordered almost 2 weeks ago. Too bad it still hasn’t shipped…

  6. Case sensitive doesn’t help one bit. It only confuses users. Once you have a key logger, your password length, upper, lower case etc. … is not important.

    Brute forcing on Blizzard’s databanks isn’t possible, since Blzz use an encoding key that changes your password to 60+ encrypted code.

    WHEN oh WHEN are people going to stop talking about things they have no clue about.

  7. No one is getting hacked because of lack of case sensitivity, but let’s be honest- it just doesn’t look good on their behalf not to have case sensitive passwords.  Although it doesn’t actually help security that much, it doesn’t exactly hurt either.  It’s not 1995 anymore; I think everyone expects passwords to be case sensitive, so it just seems weird that a basic precaution seems to be missing- it does make it a bit more difficult for some people to believe that their servers are secure (although I don’t really have any doubts on this myself).

    I was ok with it not being in D2, when all you could lose was a handful of characters (which could be mitigated by having multiple accounts). But now that all of your games and all of your accounts are attached to a single log in, I think they should have a better password policy, even if it’s just to make it look as if they are more secure.
